RE: so, is I[dp]S a STUPID technology?

["Kyle Quest" <Kyle.Quest () networkengines com>]

> As far as scanning them goes, http://infosec.yorku.ca/tools/ has a
> scanner that did 4 class B's in under 15 min, (ask J. Glass:) it doesnt
> check for everything, but you might get it to at least scan for the SANS
> top 20 in that time with some trial and error.

Just a quick comment... There's a reason that "scanner" is so fast.
Unfortunately it's not some new ground breaking scanning technique
(it uses multiple process with non-blocking socket operations).
It's because it checks for 3 simple things (looking at tcp ports 139/445),
which is probably about % 0.001 of things that an VA scanner would
be doing. Scanning for SANS top 20 will require writing a completely
new tool. And if you want to cover the top 20 completely, your tool
will need to be able to login to different services as well. By the time
you are done writing this comprehensive SANS top 20 scanner, it won't
be able to do a class B net in 10 minutes (and especially 4 class B nets
under 15 minutes). It'll take much longer. If you'll try to add
an open port scanner (even using the fastest algorithm available),
it'll add much more time (130k of ports for each machine * 10000 machines).

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.